[Owasp-board] Secure Coding Quick Reference
paulo.coimbra at owasp.org
Mon Aug 9 16:17:47 UTC 2010
First of all, thank you for volunteering to lead an OWASP Project. It is
with volunteers like yourself that OWASP continues to succeed in making
application security visible.
Second, regarding your new leadership of this project, I'd like to request
that you send a project roadmap - basically the high level details of where
you'd like to take the project. The OWASP Global Projects Committee (GPC)
will look at the roadmap and provide feedback on your project: suggesting
projects which are closely related, resources and contacts which may assist
your efforts and any other suggestions to increase your project's success.
To get your project started, here are a couple of references for your
- The Guidelines for OWASP Projects provide a quick overview of items key
to a projects success -
- OWASP's Assessment Criteria is the metric by which projects are
evaluated. There are three categories for projects: Alpha, Beta, and
Release. The Assessment Criteria allows project leaders to know what
aspects of projects OWASP values -
- OWASP's GPC blog - http://globalprojectscommittee.wordpress.com/,
Your project will have an OWASP wiki page to inform and promote your project
to the OWASP community. To setup your project's page, please provide the
details below so that the GPC can establish your initial project page. The
details provided will be used to complete OWASP's project template. Feel
free to add any additional information to wiki page or request assistance
about how to add to your projects wiki page.
Details to create your project page:
(0) Project Name,
(1) Project purpose / overview,
(2) Project Roadmap (as mentioned above),
(3) Project links (if any) to external sites,
(4) Project License
(5) Project Leader name,
(6) Project Leader email address,
(7) Project Leader wiki account - the username (you'll need this to edit the
(8) Project Maintainer (if any) - name, email and wiki account (if any),
(9) Project Contributor(s) (if any) - name email and wiki account (if any),
As your project reaches a point that you'd like OWASP to assist in its
promotion, the GPC will need the following to help spread the word about
* Conference style presentation describing the project in at least 3 slides
* Project Flyer/Pamphlet (PDF file) -
As work on your project progresses and you are ready to create a release,
please let the GPC know of the change in status. The GPC can work with you
to get your project assessed and moved up the OWASP quality ladder from
Alpha to Beta to Stable. Every release does not require an assessment -
feel free to email the GPC if you are unsure about your project's
requirements. For examples of projects at various quality levels, please
see the OWASP Project page -
That is all for now - I wish you and your project great success. Thank you
for supporting OWASP's mission.
Should you have any questions or require any further information, please do
not hesitate to contact me.
Many thanks, best regards,
<https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
From: Matt Tesauro [mailto:mtesauro at gmail.com]
Sent: sábado, 7 de Agosto de 2010 21:53
To: Turpin, Keith N; Paulo Coimbra
Subject: Re: Secure Coding Quick Reference
Keith: Meet Paulo Coimbra (Master of Project for OWASP)
Paulo: Keith works at Boeing and has been working with me to get his Secure
Coding Quick Reference donated to OWASP. The work for the donation is now
So, Keith needs a project page setup on the OWASP wiki and everything needed
to allow him to start this as a real OWASP project. Can you provide Keith
with what he needs to start this OWASP project.
BTW, he will be speaking about his project at App Sec US in September so
he's eager to get started.
Both Keith & Paulo: Let me know if you need any further assistance from me.
-- Matt Tesauro
OWASP Board Member
OWASP Live CD Project Lead
http://AppSecLive.org - Community and Download site
On 8/6/10 3:59 PM, Turpin, Keith N wrote:
> No I don't think anything has been done yet, as we were waiting for
> the transfer to complete.
> Keith Turpin CISSP, CSSLP The Boeing Company Information Security
> (206) 683-9667
> Email Notice: This communication may contain sensitive information.
> If you are not the intended recipient, or believe that you have
> received this communication in error, do not print, copy, retransmit,
> disseminate or otherwise use the information. Respond to the sender
> that you have received this e-mail in error, and delete the copy you
> -----Original Message----- From: Matt Tesauro
> [mailto:mtesauro at gmail.com] Sent: Friday, August 06, 2010 12:57 PM
> To: Turpin, Keith N Subject: Re: Secure Coding Quick Reference
> I'd be happy to help you get the material up on the OWASP site. One
> quick question: Does the document already have an OWASP project site?
> -- -- Matt Tesauro OWASP Board Member OWASP Live CD Project Lead
> http://AppSecLive.org - Community and Download site
> On 8/6/10 2:20 PM, Turpin, Keith N wrote:
>> The transfer of the copyright of the secure coding guide to OWASP is
>> now complete.
>> I just faxed my OWASP contributors agreement in.
>> I want to do an update to the document before it is posted. I had
>> held off until the transfer completed to minimize the chances of any
>> disruption in the process. Basically I want to add a section on how
>> to use the guide, add the OWASP logo and creative commons license
>> I am also working on the presentation and project flier.
>> I have been accepted as a speaker at AppSec US in September to
>> introduce the guide, so I need to have the project up by then. I just
>> got back from Blackhat and Defcon so I am just getting caught up and
>> plan to work on this next week.
>> Once I have everything ready can you help me get through the process
>> of getting it setup on the site?
>> Thanks for all your help and support with the copyright transfer.
>> Keith Turpin CISSP, CSSLP The Boeing Company Information Security
>> (206) 683-9667
>> Email Notice: This communication may contain sensitive information.
>> If you are not the intended recipient, or believe that you have
>> received this communication in error, do not print, copy, retransmit,
>> disseminate or otherwise use the information. Respond to the sender
>> that you have received this e-mail in error, and delete the copy you
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board